#!/usr/bin/env python
# -*- coding:utf8 -*-
# uncompyle6 version 2.15.1
# Python bytecode 2.7 (62211)
# Decompiled from: Python 2.7.10 (default, Jul  1 2017, 13:36:56) 
# [GCC 4.4.6 20110731 (Red Hat 4.4.6-4)]
# Embedded file name: ./paas/common/decorators.py
# Compiled at: 2017-11-16 15:44:28
"""
Tencent is pleased to support the open source community by making 蓝鲸智云(BlueKing) available.
Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at http://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
"""
from functools import wraps
from django.conf import settings
from django.http import HttpResponse
from django.db.models import Q
from django.utils.decorators import available_attrs
from common.mymako import render_mako_context
from app.models import App
from saas.models import SaaSApp

def is_app_developer(view_func):
    """
    检查应用权限.
    
    以下两种情况出返回到错误页面：
    1   应用不存在
    2   当前用户没有管理该应用的权限，权限包括：
        普通应用: creater,developer,is_superuser
        SaaS应用: is_superuser
    """

    @wraps(view_func, assigned=available_attrs(view_func))
    def _wrapped_view(request, *args, **kwargs):
        username = request.user.username
        app_code = kwargs.get('app_code')
        if not app_code:
            return view_func(request, *args, **kwargs)
        apps = App.objects.filter(code=app_code)
        if not apps.exists():
            return _redirect_not_developer(request, 1, app_code)
        app_count = apps.filter(Q(developer__username=username) | Q(creater=username)).count()
        if app_count or request.user.is_superuser:
            return view_func(request, *args, **kwargs)
        return _redirect_not_developer(request, 2, app_code)

    return _wrapped_view


def is_saas_app_exist(view_func):
    """
    检查应用权限.
    
    以下两种情况出返回到错误页面：
    3   SaaS应用不存在
    4   当前用户没有管理该应用的权限，权限包括：is_superuser
    """

    @wraps(view_func, assigned=available_attrs(view_func))
    def _wrapped_view(request, *args, **kwargs):
        app_code = kwargs.get('app_code')
        if not app_code:
            return view_func(request, *args, **kwargs)
        apps = SaaSApp.objects.filter(code=app_code)
        if not apps.exists():
            return _redirect_not_developer(request, 3, app_code)
        if not request.user.is_superuser:
            return _redirect_not_developer(request, 4, app_code)
        return view_func(request, *args, **kwargs)

    return _wrapped_view


def is_superuser(view_func):
    """
    检查超级管理员权限
    
    自定义无权限返回页面
    """

    @wraps(view_func, assigned=available_attrs(view_func))
    def _wrapped_view(request, *args, **kwargs):
        if not request.user.is_superuser:
            return _redirect_not_developer(request, 4, '')
        return view_func(request, *args, **kwargs)

    return _wrapped_view


def _redirect_not_developer(request, error_id, app_code):
    """转到没有开发者权限页面.
    
    error_id 值：
    1   应用不存在
    2   当前用户没有管理该应用的权限，权限包括：creater,developer,is_superuser
    """
    if not request.is_ajax():
        return render_mako_context(request, 'error/app_error%s.html' % error_id, {'app_code': app_code})
    url = '%sapp/error/%s/%s/' % (settings.SITE_URL, error_id, app_code)
    return HttpResponse(status=402, content=url)


def escape_exempt(view_func):
    """
    XSS Escape豁免,被此装饰器修饰的action可以不转义数据
    """

    def wrapped_view(*args, **kwargs):
        return view_func(*args, **kwargs)

    wrapped_view.escape_exempt = True
    return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
